A recent phishing campaign detected by Cloudflare appears to be using a new WordPress 0day vulnerability. The attack involves sending out emails with links that lead to compromised WordPress sites hosted by Bluehost, which then attempt to collect users' credentials. This is not the first time such an attack has occurred, and it highlights the importance of protecting vulnerable CMS sites to prevent potential victims from being exploited. Cloudflare has worked with Bluehost to identify and neutralize the remaining affected sites in this campaign. Users can stay safe by following tips such as never clicking on links in unsolicited emails, being vigilant about spelling and URLs, and enabling two-factor authentication where possible.